Best of Times, Worst of Times: Is Virtualization in the Data Center a Problem or an Opportunity?

First, are you virtualizing your data center? (Universally the answer is yes.)

Second, have you deployed any virtual security solution? (Universally the answer is no.)

Wow. How can this be? Does a virtual data center not need security? Not a chance. It needs security more than ever. Most customers are confining their virtualized infrastructure to secure zones built from virtual local area networks (VLANs). That is useful for a first phase, but excessive VLAN segmentation holds us back from achieving the efficiencies of the utility computing model, and it also gets really complicated really quickly.

To best leverage the next phase of virtualization, in which companies begin to roll out large-scale utility computing models, we cannot simply repackage today's security tools by wrapping them in a virtual machine (VM) or retrofitting them to chop up the infrastructure into thousands of VLANs. We need to re-imagine virtual security, not simply repackage it. This project is not a small body of work.

Solving the virtual data center segmentation problem is an important first step in creating the virtual security suite. But moving beyond segmentation and basic access control, the virtual world provides opportunities for innovative security that the physical world simply cannot fathom.

Consider, for example, the interesting area of advanced threat defense in a virtual environment. Today's most dangerous threats are highly targeted: custom crafted and launched at a population of one, aimed at a specific application. (Koobface, the worm that hit Facebook users a few months ago, is a reminder of how easily such malware slips past defenses, although it spread en masse through social networks rather than as a targeted attack.) These threats successfully bypass many conventional security systems, which rely on signatures of malware already seen elsewhere. Stopping a one-off attack requires a new approach.

Virtualization offers some compelling new capabilities to deal with these attacks. For starters, a virtual data center provides excellent awareness of what application is actually running on each VM. This helps because it gives a security device important context for a more accurate friend-vs-foe decision. (For example: "Gee, I know this is an Oracle financial application, and I see a user repeatedly accessing and downloading data from a machine that I also notice was in contact with a malicious website. Hmmm...maybe this action should be blocked.") Another capability is enhanced application profiling. Techniques such as extracting operating parameters, comparing application profiles across VMs (clones of the same application tier should look alike, so one that diverges is a sign it may have been successfully attacked), and analyzing application behavior in memory (as opposed to just the code stored on disk) are far easier in a virtual environment and provide a huge advantage for stopping the most sophisticated threats. We might even snapshot a suspect VM and move the copy to the "threat lab" for further analysis by security specialists. One caveat a practitioner should keep in mind: a compromised guest can lie about its own processes and sockets, so this profiling is only as trustworthy as the vantage point it is collected from, and it is most valuable when gathered from outside the guest, at the hypervisor layer.
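The cross-VM profile comparison described above, as an added example that is not part of the original post and not any Cisco product code: given per-VM snapshots of running processes and listening sockets for one application tier, derive a consensus baseline and report how each VM deviates from it. The snapshot data, the VM names, and the (process, protocol, port) entry format are all constructed for illustration; how the snapshots are collected (ideally from the hypervisor side rather than from inside each guest) is out of scope here.

```python
"""Cross-VM application profile comparison.

Added example (not from the original post or any vendor product): given
per-VM snapshots of running processes and listening sockets collected for
one application tier, derive a consensus baseline and report each VM's
deviation from it. All snapshot data below is constructed for illustration.
"""
from collections import Counter
from typing import Dict, Optional, Set, Tuple

# One profile entry: (process name, protocol, listening port).
# Port 0 marks a process that has no listening socket.
Entry = Tuple[str, str, int]
Profile = Set[Entry]

# Constructed snapshots of three clones of the same web tier. web-03 is the
# odd one out: php-fpm is gone and an unexpected listener on tcp/4444 appeared.
SNAPSHOTS: Dict[str, Profile] = {
    "web-01": {("nginx", "tcp", 443), ("php-fpm", "unix", 0), ("sshd", "tcp", 22)},
    "web-02": {("nginx", "tcp", 443), ("php-fpm", "unix", 0), ("sshd", "tcp", 22)},
    "web-03": {("nginx", "tcp", 443), ("sshd", "tcp", 22), ("nc", "tcp", 4444)},
}


def consensus_profile(snapshots: Dict[str, Profile], quorum: Optional[int] = None) -> Profile:
    """Entries present on at least `quorum` VMs (default: strict majority).

    A majority baseline assumes most of the tier is clean. With fewer than
    three snapshots there is no meaningful majority, so refuse to guess.
    """
    n = len(snapshots)
    if n < 3:
        raise ValueError("need at least three VMs to form a baseline")
    if quorum is None:
        quorum = n // 2 + 1
    counts = Counter(entry for profile in snapshots.values() for entry in profile)
    return {entry for entry, seen in counts.items() if seen >= quorum}


def deviations(snapshots: Dict[str, Profile], baseline: Profile) -> Dict[str, Dict[str, Profile]]:
    """Per-VM differences from the baseline: unexpected entries and absent ones.

    Only VMs that differ appear in the report, so an empty dict means the
    whole tier matches the consensus.
    """
    report: Dict[str, Dict[str, Profile]] = {}
    for vm, profile in snapshots.items():
        extra = profile - baseline      # present here but not on the majority
        missing = baseline - profile    # expected from the majority but absent here
        if extra or missing:
            report[vm] = {"extra": extra, "missing": missing}
    return report


def outlier_vms(snapshots: Dict[str, Profile]) -> Dict[str, Dict[str, Profile]]:
    """Convenience wrapper: build the baseline and return the deviation report."""
    return deviations(snapshots, consensus_profile(snapshots))


if __name__ == "__main__":
    for vm, diff in outlier_vms(SNAPSHOTS).items():
        print(f"{vm}: unexpected={sorted(diff['extra'])} missing={sorted(diff['missing'])}")
```

Two design points worth noting. The majority-vote baseline is deliberate: a golden image drifts the moment patches roll out, whereas the fleet's own consensus tracks legitimate change, but it also means the check is blind if more than half the tier is compromised the same way, which is why the function refuses to run on fewer than three VMs. And an entry that is missing is as interesting as one that is extra: an attacker who stops a monitoring agent or replaces a worker process shows up in the `missing` set, not the `extra` one.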

The net-net is that virtualization in the data center is a really big deal. It will redefine the nature of security solutions, and therefore it is likely to redefine the vendor landscape. Virtual security is both a big challenge and a big opportunity for the security industry.

2 Comments.

Of course it will be. However, I believe that virtualization technology can give birth to new and highly effective future technologies. Definitely, a virtual data center needs security in order to prevent disasters and for the safety of the data stored on its servers. Just like physical security, virtual security is also needed to ensure the security of sensitive information. You can create futuristic technologies using the virtual environment, but without proper security nothing is safe in this world. Preparation is the best defense against disasters.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco.